Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flatpak flatpak vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2017-5226
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an malicious user to escape the sandbox.
Projectatomic Bubblewrap
3 Github repositories
9
CVSSv3
CVE-2019-10063
Flatpak prior to 1.0.8, 1.1.x and 1.2.x prior to 1.2.4, and 1.3.x prior to 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject c...
Flatpak Flatpak
Flatpak Flatpak 1.3.0
8.8
CVSSv3
CVE-2021-21261
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug exists in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is pres...
Flatpak Flatpak
Debian Debian Linux 10.0
8.6
CVSSv3
CVE-2021-43860
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in t...
Flatpak Flatpak
Fedoraproject Fedora 35
Redhat Enterprise Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.2
CVSSv3
CVE-2021-21381
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an malicious user to gain access to f...
Flatpak Flatpak
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
8.2
CVSSv3
CVE-2019-8308
Flatpak prior to 1.0.7, and 1.1.x and 1.2.x prior to 1.2.3, exposes /proc in the apply_extra script sandbox, which allows malicious users to modify a host-side executable file.
Flatpak Flatpak
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 7.6
7.8
CVSSv3
CVE-2021-41133
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host...
Flatpak Flatpak
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7.8
CVSSv3
CVE-2020-5291
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root pe...
Projectatomic Bubblewrap
Debian Debian Linux 10.0
Archlinux Arch Linux -
Centos Centos 7.0
7.8
CVSSv3
CVE-2017-9780
In Flatpak prior to 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable ...
Flatpak Flatpak
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2023-28100
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions before 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app...
Flatpak Flatpak
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »